- 129/2023
- Critical
Cisco released security updates to address several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to execute arbitrary code, gain access, escalate privileges, cause a denial of service, or perform cross-site scripting on the affected products.
Sample of the addressed vulnerabilities:
1. Cisco Expressway Series and Cisco TelePresence VCS Privilege Escalation Vulnerability (CVE-2023-20105):
- CVSS: 9.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Cisco Adaptive Security Appliance and Firepower Threat Defense Software Denial of Service Vulnerability (CVE-2023-20006):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Sample of the affected products:
- Cisco Expressway Series and Cisco TelePresence VCS.
- Cisco ASA Software (9.16.4) and Cisco FTD Software (7.2.1).
- Cisco AnyConnect.
- Small Business 200 Series Smart Switches.
- Cisco Unified CM and Unified CM SME.
Vulnerabilities
- CVE-2023-20136
- CVE-2023-20116
- CVE-2023-20188
- CVE-2023-20178
- CVE-2023-20006
- CVE-2023-20108
- CVE-2023-20105
- CVE-2023-20192
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.